You are here: blog.kotowicz.net

spawnzii.github.io
Introduction: Every year ESNA organizes a CTF as an advent calendar, so there is a new challenge every day on a different theme, like pwn, forensic, programming, reverse and web. To motivate students to participate, the TOP 8 of the general ranking will be selected to participate in the CTF of EC2. The challenges are proposed by Worty & iHuggsy, but also by other trusted students ;). I was lucky enough to be able to create a challenge for the occasion, so I will start with this one.

blog.mindedsecurity.com
Summary: In 2007 it was discovered that Java Applets, in conjunction with LiveConnect plugin on Firefox, were vulnerable to DNS Rebinding ...

mathieu.fenniak.net
Cross-site request forgery (CSRF) is a type of security exploit where a user's web browser is tricked by a third-party site into performing actions on websites that the user is logged into. It is often a difficult attack to pull off, as it requires a number of factors to line up at once. Protecting against it requires good discipline and good design practices, especially when it comes to protecting Web APIs. Here's a brief example of a fictitious CSRF attack against a bank:

www.imperva.com
Recently, a critical vulnerability in the widely used Apache OFBiz framework was disclosed, designated CVE-2024-45195. This vulnerability allows for unauthenticated remote code execution (RCE), making it an especially dangerous flaw for organizations using OFBiz in their business operations. An attacker without valid credentials can exploit missing view authorization checks in the web application, bypassing previous [...]